diff --git a/internal/multiplex/switchboard.go b/internal/multiplex/switchboard.go
index e2685e6..b711a3c 100644
--- a/internal/multiplex/switchboard.go
+++ b/internal/multiplex/switchboard.go
@@ -19,7 +19,7 @@ type switchboardConfig struct {
 	strategy switchboardStrategy
 }
 
-// switchboard is responsible for keeping the reference of TLS connections between client and server
+// switchboard is responsible for keeping the reference of TCP connections between client and server
 type switchboard struct {
 	session *Session
 
diff --git a/internal/server/auth.go b/internal/server/auth.go
index 07963ae..578fe4c 100644
--- a/internal/server/auth.go
+++ b/internal/server/auth.go
@@ -40,8 +40,7 @@ var ErrCiphertextLength = errors.New("ciphertext has the wrong length")
 var ErrTimestampOutOfWindow = errors.New("timestamp is outside of the accepting window")
 var ErrUnreconisedProtocol = errors.New("unreconised protocol")
 
-// touchStone checks if a ClientHello came from a Cloak client by checking and decrypting the fields Cloak hides data in
-// It returns the ClientInfo, but it doesn't check if the UID is authorised
+// touchStone checks if a the authenticationInfo are valid. It doesn't check if the UID is authorised
 func touchStone(ai authenticationInfo, now func() time.Time) (info ClientInfo, err error) {
 	var plaintext []byte
 	plaintext, err = util.AESGCMDecrypt(ai.nonce, ai.sharedSecret, ai.ciphertextWithTag)
diff --git a/internal/server/websocket.go b/internal/server/websocket.go
index 020b424..c2568c3 100644
--- a/internal/server/websocket.go
+++ b/internal/server/websocket.go
@@ -13,6 +13,9 @@ import (
 	log "github.com/sirupsen/logrus"
 )
 
+// since we need to read the first packet from the client to identify its protocol, the first packet will no longer
+// be in Conn's buffer. However, websocket.Upgrade relies on reading the first packet for handshake, so we must
+// fake a conn that returns the first packet on first read
 type firstBuffedConn struct {
 	net.Conn
 	firstRead bool
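Review bot: The replacement doc comment on touchStone reads `checks if a the authenticationInfo are valid`, which has a stray article and a number-agreement slip, and it drops the old comment's statement of what the function returns on success. I would write `// touchStone checks that ai was produced with the shared secret by AES-GCM-decrypting its ciphertext, and returns the decoded ClientInfo.` followed by `// It does not check whether the UID is authorised; that is the caller's responsibility.` touchStone's body continues outside the hunk, so whether the timestamp window (ErrTimestampOutOfWindow declared above) is enforced here cannot be confirmed from this hunk; if it is, the comment should say so, because rejection of a stale-but-valid ciphertext is part of the contract callers rely on.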
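Review bot: The new comment on firstBuffedConn does not begin with the type name, so Go doc tooling will not attach it as the type's documentation; the comments added for newWsAcceptor and newWsHandshakeHandler in this file's later hunks have the same problem. Prefixing the name fixes it: `// firstBuffedConn wraps a net.Conn and returns the already-consumed first packet on the first Read: that packet was read to identify the client's protocol, but websocket.Upgrade expects to read it during the handshake.` The Read implementation lies outside this hunk, so whether one buffered read is enough for the upgrade cannot be checked here.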
@@ -35,6 +38,8 @@ type wsAcceptor struct {
 	c *firstBuffedConn
 }
 
+// net/http provides no method to serve an existing connection, we must feed in a net.Accept interface to get an
+// http.Server. This is an acceptor that accepts only one Conn
 func newWsAcceptor(conn net.Conn, first []byte) *wsAcceptor {
 	f := make([]byte, len(first))
 	copy(f, first)
@@ -65,6 +70,7 @@ type wsHandshakeHandler struct {
 	finished chan struct{}
 }
 
+// the handler to turn a net.Conn into a websocket.Conn
 func newWsHandshakeHandler() *wsHandshakeHandler {
 	return &wsHandshakeHandler{finished: make(chan struct{})}
 }
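Review bot: The added comment on newWsAcceptor refers to `a net.Accept interface`, but no such interface exists in the standard library; what http.Server takes is a net.Listener, whose Accept method wsAcceptor presumably implements. I would replace the two lines with `// newWsAcceptor wraps conn in a net.Listener that accepts it exactly once, since net/http has no way to serve an already-accepted connection; first holds the bytes already consumed from conn and is copied so the caller's buffer is not retained.` The Accept implementation is outside this hunk, so the single-use guarantee (an error on any later Accept) should be verified there rather than assumed from the comment.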